[69806] in North American Network Operators' Group
Re: TCP RST attack (the cause of all that MD5-o-rama)
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Apr 20 15:00:40 2004
Date: Tue, 20 Apr 2004 11:58:13 -0700
From: Owen DeLong <owen@delong.com>
To: James <haesu@towardex.com>, Mike Tancsa <mike@sentex.net>
Cc: nanog@merit.edu
In-Reply-To: <20040420185416.GA78419@scylla.towardex.com>
Errors-To: owner-nanog-outgoing@merit.edu
How do you tell an adjacent TTL set to 1 from a TTL set to 5 four hops away?
Owen
--On Tuesday, April 20, 2004 14:54 -0400 James <haesu@towardex.com> wrote:
>
> now let me take a bite at this :P
>
> i can see this 'attack' operational against a multihop bgp session that's
> not md5'd.
>
> now the question is... would this also affect single-hop bgp sessions?
> my understanding would be no, as single-hops require ttl set to 1.
>
> -J
>
>
> On Tue, Apr 20, 2004 at 01:36:09PM -0400, Mike Tancsa wrote:
>>
>>
>>
>> http://www.uniras.gov.uk/vuls/2004/236929/index.htm
>>
>> --------------------------------------------------------------------
>> Mike Tancsa, tel +1 519 651 3400
>> Sentex Communications, mike@sentex.net
>> Providing Internet since 1994 www.sentex.net
>> Cambridge, Ontario Canada www.sentex.net/mike
-- 
If this message was not signed with gpg key 0FE2AA3D, it's probably
a forgery.